Updating an Oracle CEP Multi-Server Domain Using Oracle Coherence
Administrating Multi-Server Domains With Oracle Coherence 6-11
The config.xml file is located in the DOMAIN_DIR/servername/config directory of each server, where DOMAIN_DIR refers to the domain directory and servername refers to the name of your server, such as d:\oracle_cep_home\user_projects\domains\mydomain\myserver1\config. You must specify one of the following values for the security child element:
■ none—Default value. Specifies that no security is configured for the multi-server domain.
■ encrypt—Specifies that multi-server messages should be encrypted.
Observe the correct order of child elements in the cluster element. See Section 5.5, "Order of cluster Element Child Elements".
3. Edit the DOMAIN_DIR/servername/config/security-config.xml file of each server in the multi-server domain by adding the encryption-service child element of the config root element, as Example 6–7 shows.
Example 6–7 The security-config.xml File encryption-service Element
<config>
    <encryption-service>
        <signature-enabled>true</signature-enabled>
    </encryption-service>
    <css-realm>
    ...
</config>
4. Ensure that the DOMAIN_DIR/servername/.msainternal.dat file for each server in the multi-server domain is exactly the same by copying the file from one server to the other servers.
This file is automatically created by the Configuration Wizard when you first created the server; Oracle CEP uses this file for encrypting messages.
For example, assume all the servers in your domain are located in the d:\oracle_cep\user_projects\domains\mydomain directory, and that the domain has three servers: server1, server2, and server3. To ensure they all have the same .msainternal.dat file, copy the one from server1 to the other servers:
prompt> cd d:\oracle_cep\user_projects\domains\mydomain\server1
prompt> cp .msainternal.dat ..\server2
prompt> cp .msainternal.dat ..\server3
5. Start one of the servers in your domain. See Section 6.5, "Starting and Stopping an Oracle CEP Server in a Multi-Server Domain". Because of the encryption-service element that you added to the security-config.xml file in step 3, Oracle CEP automatically creates the .msasig.dat file in the main server directory. Oracle CEP uses this file for digitally signing messages.
6. Stop the server you just started. See Section 6.5, "Starting and Stopping an Oracle CEP Server in a Multi-Server Domain".
7. Copy the .msasig.dat file you created in step 5 to the other servers.
6-12 Oracle Complex Event Processing Administrators Guide
For example:
prompt> cd d:\oracle_cep\user_projects\domains\mydomain\server1
prompt> cp .msasig.dat ..\server2
prompt> cp .msasig.dat ..\server3
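A check for steps 4 and 7, added here as an example and not part of the Oracle documentation: it hashes .msainternal.dat and .msasig.dat in every server directory and reports any server whose copy is missing or differs from the first server's. The function names and the sample domain built in demo() are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Key files that steps 4 and 7 require to be identical on every server.
KEY_FILES = (".msainternal.dat", ".msasig.dat")


def sha256_of(path):
    """Hash a file in chunks so the key material is never held whole or printed."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_domain(domain_dir, servers, key_files=KEY_FILES):
    """Return a list of problems; an empty list means all copies match servers[0]."""
    problems = []
    for name in key_files:
        digests = {}
        for server in servers:
            path = Path(domain_dir) / server / name
            if not path.is_file():
                problems.append(f"{server}: {name} missing")
                continue
            digests[server] = sha256_of(path)
        reference = digests.get(servers[0])  # servers[0] is the copy source
        for server, value in digests.items():
            if reference is not None and value != reference:
                problems.append(f"{server}: {name} differs from {servers[0]}")
    return problems


def demo():
    """Constructed domain: server3 kept its own .msasig.dat instead of server1's."""
    servers = ["server1", "server2", "server3"]
    with tempfile.TemporaryDirectory() as domain:
        for server in servers:
            directory = Path(domain) / server
            directory.mkdir()
            (directory / ".msainternal.dat").write_bytes(b"constructed-encryption-key")
            sig = b"constructed-sig-B" if server == "server3" else b"constructed-sig-A"
            (directory / ".msasig.dat").write_bytes(sig)
        return check_domain(domain, servers)


if __name__ == "__main__":
    for line in demo() or ["all key files identical"]:
        print(line)
```

Against a real domain, call check_domain with the domain directory and the list of server names, listing the server you copied from first.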
8. Perform the following steps on each server in the cluster:
■ Open a command window and set your environment as described in "Setting Your Development Environment" in the Oracle Complex Event Processing Getting Started.
■ Change to the DOMAIN_DIR/servername directory, where DOMAIN_DIR refers to the domain directory and servername refers to the name of your server, such as d:\oracle_cep_home\user_projects\domains\mydomain\myserver1.
prompt> cd d:\oracle_cep_home\user_projects\domains\mydomain\myserver1
■ Create a keystore coherence-identity.jks containing the boot user using the JDK keytool utility and the following command line (broken here for readability; in practice the full command should be on one line):
prompt> keytool -genkey -v -keystore config/coherence-identity.jks -storepass PASSWORD -alias BOOT-USER -keypass BOOT-USER-PASSWORD
-dname CN=BOOT-USER
Where:
– PASSWORD is the password used to secure the keystore.
– BOOT-USER is the user name you used to log into the Oracle CEP server host.
– BOOT-USER-PASSWORD is the password you used when you logged into the Oracle CEP server host.
■ Create a permissions.xml file.
■ Edit the permissions.xml file to add the following permission for the boot user:
<permissions>
    <grant>
        <principal>
            <class>javax.security.auth.x500.X500Principal</class>
            <name>CN=BOOT-USER</name>
        </principal>
        <permission>
            <target></target>
            <action>all</action>
        </permission>
    </grant>
</permissions>
Where BOOT-USER is the user name you used to log into the Oracle CEP server host.
■ Save and close the permissions.xml file.
■ Create a login.config file.
■ Edit the login.config file to add the following: